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AMENDMENT TO CLAIMS 

In the Claims 

Please AMEND claims 1, 5, 8 and 10. 

1 . (Currently Amended) A method for improving the operation of equipment used to 
protect a web server against attack, comprising the acts of: 

reading a source address of a message received during an attack; 
checking a database of privileged source addresses; and 

instructing protective equipment for a web server to pass the received message to the web 
server, regardless of an ongoing attack, when the source address of the received message 
matches an address contained in the database of privileged source addresses; 

when the source address of the received message does not appear in the database of 
privileged source addresses, checking a database of blocked source addresses: and 

when the source address of the received message does not appear in the database of 
blocked source addresses, adding the source address of the received message to the database 
of blocked source addresses . 

2. (Original) The method of claim 1, wherein the database of privileged source addresses 
includes a source address of a customer known to the web server. 

3. (Original) The method of claim 1, wherein the database of privileged source addresses 
includes a source address of a user known to the web server. 

4. (Original) A method for improving the operation of equipment used to protect a web 
server against attack by a vandal, comprising the acts of: 

reading a source address of a message received during an attack; 
checking a database of privileged source addresses for appearance of the source address 
of the received message; 
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when the source address of the received message appears in the database of privileged 
source addresses, instructing protective equipment to pass the received message to a web 
server; 

when the source address of the received message does not appear in the database of 
privileged source addresses, checking a database of blocked source addresses for appearance 
of the source address of the received message; and 

when the source address of the received message does not appear in the database of 
blocked source addresses, adding the source address of the received message to the database 
of blocked source addresses and instructing the protective equipment to block the received 
message and to block subsequent messages that bear the source address of the received 
message 

5. (Currently Amended) Protective equipment for guarding a web server against attack, 
comprising: 

an address decoder for reading a source address of a message received during an attack; 
a database of privileged source addresses; 
a database of blocked source addresses: and 

logic for instructing protective equipment for a web server to pass the message received 
during the attack to the web server when the source address of the message received during 
the attack matches a privileged source address contained in the database of privileged source 
addresses, regardless of an ongoing attack; 

when the source address of the received message does not appear in the database of 
privileged source addresses, checking the database of blocked source addresses: and 

when the source address of the received message does not appear in the database of 
blocked source addresses, adding the source address of the received message to the database 
of blocked source addresses. 
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6. (Original) The intrusion detection security system of claim 5, wherein the database of 
privileged source addresses includes a source address of a customer known to access the web 
server. 

7. (Original) The intrusion detection security system of claim 5, wherein the database of 
privileged source addresses includes a source address of a known users of the web server, 

8. (Currently Amended) Protective equipment for guarding a web server against attack, 
comprising: 

an address decoder for reading a source address of a message received during an attack; 
a database of privileged source addresses, which passes a packet containing a privileged 
source address to the web server regardless of an ongoing attack; 
a database of blocked source addresses; and 

logic for checking the database of privileged source addresses and the database of 
blocked source addresses for appearance of the source address of the message received 
during the attack and, responsive to the appearance, instructing protective equipment to block 
incoming messages that bear the source address of the message received during the attack; 

when the source address of the received message does not appear in the database of 
privileged source addresses, checking the database of blocked source addresses: and 

when the source address of the received message does not appear in the database of 
blocked source addresses, adding the source address of the received message to the database 
of blocked source addresses . 

9. (Previously Presented) Protective equipment for guarding a web server against attack, 
comprising: 

an address decoder for reading a source address of a message received during an attack; 
a database of privileged source addresses; 
a database of blocked source addresses; and 
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logic for: 

checking the database of privileged source addresses for appearance of the 
source address of the received message; 

when the source address of the received message appears in the database 
of privileged source addresses, instructing protective equipment to pass the 
received message to a web server, regardless of an ongoing attack; 

when the source address of the received message does not appear in the 
database of privileged source addresses, checking the database of blocked source 
addresses for appearance of the source address of the received message; and 

when the source address of the received message does not appear in the 
database of blocked source addresses, adding the source address of the received 
message to the database of blocked source addresses and instructing the protective 
equipment to block the received message and to block subsequent messages that 
bear the source address of the received message. 

10. (Currently Amended) Th e m e thod of claim 1, furth e r comprising: A method for 
improving the operation of equipment used to protect a web server against attack, comprising 
the acts of: 

reading a source address of a message received during an attack: 
checking a database of privileged source addresses: 

instructing protective equipment for a web server to pass the received message to the web 
server, regardless of an ongoing attack, when the source address of the received message 
matches an address contained in the database of privileged source addresses: 

detecting cessation of the attack; 
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removing one or more source addresses used by an attacker from a database of blocked 
source addresses; and 

unblocking the one or more source addresses just removed. 



